Describe the bug
When I attempt to add a bigquery database connection I received the following error in the UI
ERROR: {"error": "Connection failed!\n\nThe error message returned was:\nHTTPSConnectionPool(host='oauth2.googleapis.com', port=443): Max retries exceeded with url: /token (Caused by SSLError(SSLError(\"bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)\",),))"}
Upon further investigation, I attached to the docker container as root:
docker exec -u 0 -it <id> /bin/bash
and then ran python`
Terminal session:
`Python 3.6.8 (default, Mar 27 2019, 08:49:59)
[GCC 6.3.0 20170516] on linux
Type "help", "copyright", "credits" or "license" for more information.
import requests
requests.get('https://www.google.com')
From cffi callback <function _verify_callback at 0x7f5b1eccc378>:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/OpenSSL/SSL.py", line 309, in wrapper
_lib.X509_up_ref(x509)
AttributeError: module 'lib' has no attribute 'X509_up_ref'
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/urllib3/contrib/pyopenssl.py", line 441, in wrap_socket
cnx.do_handshake()
File "/usr/local/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1915, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/local/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1647, in _raise_ssl_error
_raise_current_error()
File "/usr/local/lib/python3.6/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
...`
I found that I can successfully connect to bigquery or any other https connection via python by running this pip removal.
pip uninstall pyOpenSSL
To Reproduce
Steps to reproduce the behavior:
- Go to add databases
- Click add a bigquery://
- see error message
Expected behavior
I install the docker-compose template and everything works without hackery.
I'm not sure what the solution is here, but thought I'd report it.